VMS Security Review Service 

Assessing Your System Security 



Many organizations have invested heavily in computer systems in the last decade; 
for most, these systems have become an essential resource — storing and processing 
volumes of corporate data. Financial data; product and sales data; personnel infor¬ 
mation; design, engineering, and manufacturing data. 

The security of this data, and of the systems storing it, is integral to the functioning 
of your organization. But how well are these systems and data protected? Does your 
organization have a computer security program? If so, is it appropriate to your busi¬ 
ness needs? If not, have you asked your MIS team to assess your current system secu¬ 
rity procedures and make recommendations for improvement? 

Ifyou’re considering such an effort, you should look into Digital’s VMS Security 
Review Service, which can help your MIS team evaluate your VAX/VMS security 
environment. This service provides a professional, third-party evaluation of system 
security procedures and offers recommendations for correcting any weaknesses. 

Features and Benefits 

Digital’s VMS Security Review Service offers: 

An on-site or remote study of your current security procedures and controls by a 
trained Security Consultant from Digital. s Security Expertise Center. 

Extensive on-line examination of your implementation of Digital’s VAX/VMS secu¬ 
rity features, using tools developed by Digital for this purpose. 

A report containing specific recommendations for improving system security. 

Greater peace of mind for your system security manager, who knows that security 
controls being implemented have been recommended by a trained Security Consul¬ 
tant from Digital, 













Computer Security: The Neglected 
Dimension 

In many organizations, computer 
security is of Len neglected due to more 
immediate day-to-day problems. Con¬ 
cerns about computer security are rele¬ 
gated to the wish list. 

But creating a formal security policy 
should be a high priority. The organiza¬ 
tion s data, systems, and software are 
invaluable; its day-to-day operations 
would be at risk if any of these resources 
were tampered with. The time for your 
MIS group to design a computer secu¬ 
rity program is now. And Digital s Secu¬ 
rity Review Service can strengthen 
their effort. 

For your MIS team, the first step will be 
to assess just how much protection is 
needed for your systems and data. Then, 
current security controls and procedures 
should be evaluated to determine their 
appropriateness. Finally, recommenda¬ 
tions for new procedures should he 
made and then implemented. 


In many organizations, this process will 
show that in some areas security is wholly 
adequate, while in others it is deficient. 
Identifying the deficiencies is the criti¬ 
cal step in creating a balanced security 
policy. And this is where Digital's VMS 
Security Review Service can help. 

The Security Review Service will evalu¬ 
ate your current procedures, identifying 
deficiencies and risks in system security 
and in the work environment; and it 
will recommend corrective actions for 
improving security. 

The security policy thus created by 
your MIS team will be designed specif¬ 
ically for your business requirements 
and your VAX computer systems. The 
policy will be able to utilize the range 
and flexibility of the security controls 
in VMS. These controls provide a con¬ 
sistent security mechanism across all 
VAX and MicroVAX systems—from 
Individual workstations to the largest 
mul tiprocessor configurations. 




What Aspects of Security Are 
Analyzed? 

The Digital Security Consultant will 
analyze a variety of factors that can 
affect your system security. Is the role of 
the system manager or system security 
manager clearly defined? As defined, 
does this role provide the authority 
needed to maintain system security at 
appropriate levels? 

Is your VMS operating system properly 
instiilled? Has each application pack¬ 
age been installed in a way that avoids 
changes in VMS system file protection? 

Is the login procedure adequate for 
the level of securi ty needed? Are user 
accounts designed with appropriate safe¬ 
guards? Are system privileges extended 
only to users needing them? 

Is disk space allocated with care? What 
is the systems proxy access procedure? 

Are you using the VMS auditing facili¬ 
ties correctly? Are you auditing so often 
that you're missing a real problem? 

After answering these questions and 
more, the consultant looks beyond sys¬ 
tem security controls, and reviews your 
sites policy regarding such matters as 
idle terminals, hardcopy terminal use, 
and data disposal. 

The security of any information-process¬ 
ing operation requires that both environ¬ 
mental security measures and operating 
system safeguards be implemented. 

VMS provides the basic mechanisms for 
controlling access to the system and its 
data; it provides tools to ensure thaL sys¬ 
tem access is restricted to authorized 
users. Environmental security measures 
that complement VMS controls will pro¬ 
mote a safe, secure operation. In assess¬ 
ing the larger security environment, 
Digitals Security Consultant will take 


into account the unique culture of your 
organization. This will include an assess¬ 
ment of security awareness among your 
personnel and taking note of work prac¬ 
tices that may either enhance or weaken 
security. 

How Does the VMS Security Review 
Service Work? 

A Digital Security Consultant will 
contact your system management 
group. Together, they'll decide whether 
an on-site or remote (dialup) security 
review would be more appropriate. Sub¬ 
sequently, the Consultant will install 
several software tools on your VAX/VMS 
system(s); these tools are security moni¬ 
toring and assessment programs devel¬ 
oped by Digital to measure security on 
our own interna! VAX/VMS systems. 

The Consultant will then proceed 
to assess your security procedures, 
including: 

■ Password implementation 

* Disk space quota implementation 

■ File protection 

■ System audit procedure use 

* Proxy access procedure 

- System audit use 

■ User account implementation and use 

* Application software installation and use 

- DEC net installation and use 


Following this analysis, the Consultant 
will issue a report assessing current secu¬ 
rity on your system(s) and will recom¬ 
mend any changes that could improve 
your system security. 


Oigitaks Commitment to Secure 
Systems 

The VMS Security Review Service is one 
more demonstration of Digital's commit¬ 
ment to providing secure products* 

Digital is offering the VMS Security 
Review Service in order to let users 
determine if they are using all of VMS' 
security features to maximum advan¬ 
tage. The recent publicity surrounding 
violations and lapses in computer secu¬ 
rity has made many companies uneasy. 
Digital's response to this threat is to 
recommend that you have your system 
security evaluated professionally by a 
Digital Security Consultant. If the Con¬ 
sultant recommends more security con¬ 
trols, follow these recommendations* 
The Security Review Service helps you 
meet your security needs with the appro¬ 
priate security policy, implementation, 
and practice* 
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